create-release-checklist

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from the project's git history and manifest files to generate content.
      * Ingestion points: Reads commit summaries from git log and version information from files like package.json or pyproject.toml.
      * Boundary markers: No specific delimiters or 'ignore' instructions are provided to prevent the agent from being influenced by malicious content embedded in commit messages or file metadata.
      * Capability inventory: The skill uses the Bash tool for command execution and the Write tool to create files in the .chalk/docs/engineering/ directory.
      * Sanitization: No validation or sanitization is mentioned for the data extracted from git logs or manifest files before it is written to the output file.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to run commands such as git log using variables derived from user-provided arguments or internal file content. This creates a potential command injection surface if the agent does not validate or sanitize these inputs before execution.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 18, 2026, 08:10 AM